"SSO single Point Series" (3): Add CAS4.0 login Page Verification Code

Attach source code: Http://pan.baidu.com/s/1mgDptZa

　　

This article is mainly to explain how to add the verification code function on the login page, the default login page is only the user name and password function. Other I think add verification code is useless, because now my department to do the system is mainly placed in the intranet, outside the network is inaccessible. The verification code of the login page is mostly to prevent the account from being hacked, but I don't think the customer is going to be doing it. The above is only my own personal opinion, may be biased, as a vent to the anger of the customer, we look at the good, recently really was the customer engaged in a big head.  However, if your system is on the Internet, the verification code must be added. OK, the complaining hair is almost there, let's get down to the chase!

Eventually

Simple to do a page, the general situation will have a graphic design interface, and then everyone to develop on the line. Verification code plug-in with the Kaptcha , the specific use of the Internet a lot, we Google a bit on the search, it is quite simple to use.

Development

Now start to explain how to add verification code verification code in the single point process!

Project Import

In the first environment, we were all working directly under Tomcat, and now we need to import CAS server into our eclipse before we can proceed.

Find our downloaded Cas-server-4.0.0-release.zip decompression and go to the subdirectory to find the Cas-server-webapp project, because the code is built using MAVEN, and all imports are selected by Maven import. After the import is complete, the approximate structure is as follows:

PS: It is important to note that we should add the contents of the second article to the project you imported, otherwise it will not be effective, we must pay attention.

Configuration modifications

1. Open the Login-webflow.xml file and you may feel a little familiar. Yes, CAS has the use of the spring Web flow framework. Locate the following code:

<view-state id= "Viewloginform" view= "Casloginview" model= "credential" >        <!--note here--        <binder >            <binding property= "username"/>            <binding property= "password"/>        </binder>        <on-entry>            <set name= "viewscope.commandname" value= "' Credential '"/>        </on-entry>        <transition on= "Submit" bind= "true" validate= "true" to= "Realsubmit" >            <evaluate expression= " Authenticationviaformaction.dobind (Flowrequestcontext, flowscope.credential) "/>        </transition>    </view-state>

You see no, there is a form (viewloginform), there are username, password two properties, yes, this is the corresponding to our login page of the form. So we're going to add the Captcha property to this side.

        <binder>            <binding property= "username"/>            <binding property= "password"/>             <!--new additions- -            <binding property= "Captcha"/>        </binder>    

2. We only add a property here, is that enough? Of course not, because this configuration actually has a Java class in the code Usernamepasswordcredential.java, the specific path for Org.jasig.cas.authentication.UsernamePasswordCredential.java, look at the source to see, is actually a javabean. Then we can inherit it and add our Captcha Property! The following code is completed:

public class Usernamepasswordcaptchacredential extends        usernamepasswordcredential {    /**     * */    Private static final long serialversionuid = -864735145551932618l;    @NotNull    @Size (min=1,message = "Required.captcha")    private String captcha;        Omit set, Get method}

3. Well, the new JavaBean was born. Is that enough for you? There is actually a place to modify, back to the Login-webflow.xml file, the 27th row or so, modified as follows:

   <!--modified    <var name= "credential" class= "org.jasig.cas.authentication.UsernamePasswordCredential"/ >        <!--Modified--   <!--  <var name= "credential" class= " Org.jasig.cas.authentication.UsernamePasswordCredential "/>--        <var name=" credential "class=" Org.jasig.cas.authentication.UsernamePasswordCaptchaCredential "/>

This step can be skipped if you have the same name and class names as the original.

Ps:4.0 before the class is Org.jasig.cas.authentication.principal.UsernamePasswordCredentials.java, 4.0 after the change, we should pay attention to.

4. OK, next to add the verification code process, or just viewloginform there, we changed it to the following:

<!--<view-state id= "Viewloginform" view= "Casloginview" model= "credential" > <binder> <binding property= "username"/> <binding property= "password"/> <binding pr operty= "Captcha"/> </binder> <on-entry> <set name= "Viewscope.commandname" Valu E= "' Credential '"/> </on-entry> <transition on= "Submit" bind= "true" validate= "true" to= "REALSUBM It "> <evaluate expression=" authenticationviaformaction.dobind (Flowrequestcontext, flowScope.credential) " /> </transition> </view-state>

   --------------------------------I am split line-----------------------------<!--Modified--<view-state id= "Viewlogi            Nform "view=" Casloginview "model=" credential "> <binder> <binding property=" username "/>        <binding property= "password"/> <binding property= "Captcha"/> </binder>        <on-entry> <set name= "viewscope.commandname" value= "' Credential '"/> </on-entry> <transition on= "Submit" bind= "true" validate= "true" to= "Validatorcaptcha" > <evaluate expression= "Authenticationviaformaction.dobind (Flowrequestcontext, flowscope.credential)"/> </transition> </vi Ew-state> <!--Add a Validatorcaptcha checksum verification code--<action-state id= "Validatorcaptcha" > <eva Luate expression= "Authenticationviaformaction.validatorcaptcha (Flowrequestcontext, FlowScope.credential,    Messagecontext) "></evaluate>    <transition on= "error" to= "Generateloginticket"/> <transition on= "Success" to= "Realsubmit"/> & Lt;/action-state>

We added a Validatorcaptcha operation to the configuration, and we can see that expression is Authenticationviaformaction.validatorcaptcha (...).

So we need to add a verification code method Validatorcaptcha () in Authenticationviaformaction.

Authenticationviaformaction This bean is configured in the Cas-servlet.xml:

  <bean id= "authenticationviaformaction" class= "Org.jasig.cas.web.flow.AuthenticationViaFormAction"        p: centralauthenticationservice-ref= "Centralauthenticationservice"        p:warncookiegenerator-ref= " Warncookiegenerator "        p:ticketregistry-ref=" Ticketregistry "/>

We can look at the source code of Org.jasig.cas.web.flow.AuthenticationViaFormAction, there is a Submit method, this is the way we submit the form.

Let's rewrite it, probably modified to the following:

public class Cnblogauthenticationviaformaction extends authenticationviaformaction{public final String VALIDATORCAPTC                    Ha (final RequestContext context, final credential credential, Final Messagecontext messagecontext) {              Final HttpServletRequest request = webutils.gethttpservletrequest (context);              HttpSession session = Request.getsession ();              String captcha = (string) session.getattribute (Com.google.code.kaptcha.Constants.KAPTCHA_SESSION_KEY);                          Session.removeattribute (Com.google.code.kaptcha.Constants.KAPTCHA_SESSION_KEY);              Usernamepasswordcaptchacredential UPC = (usernamepasswordcaptchacredential) credential;                                     String Submitauthcodecaptcha =upc.getcaptcha (); if (! Stringutils.hastext (Submitauthcodecaptcha) | | ! Stringutils.hastext (Submitauthcodecaptcha)) {messagecontext.addmessage (New Messagebuilder (). Code ("required.       Captcha "). Build ());          return "error";              } if (Submitauthcodecaptcha.equals (CAPTCHA)) {return "success";            } messagecontext.addmessage (New Messagebuilder (). Code ("Error.authentication.captcha.bad"). Build ());        return "error"; }}

There are two exceptions thrown here, and the two exception information Required.captcha, Error.authentication.captcha.bad need to be added under Messages_zh_cn.properties file

Required.captcha= must enter a verification code. Error.authentication.captcha.bad= The verification code you entered is incorrect.

And then the authenticationviaformaction this bean path to our newly Added link, this is not affixed, you can change the above.

Modify over!

Summarize

In this way, the operation of adding a verification code is basically complete, you can try to see. , has been posted at the front of the post.

"SSO single Point Series" (3): Add CAS4.0 login Page Verification Code